证书验证公私钥不匹配

Conflicts: src/main/resources/messages/message_en.properties src/main/resources/messages/message_ru.properties src/main/resources/messages/message_zh_CN.properties
2019-04-27 19:00:12 +08:00
parent ad5e517f23
commit 3910bcb4e1
5 changed files with 40 additions and 9 deletions
--- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
@@ -102,8 +102,8 @@ public class PxyObjKeyringController extends BaseController {
 		boolean validFlag = true;
 		try {
 			Properties msgProp = this.getMsgProp();
-			boolean publicKeyFileflag = validCertFileContent(publicKeyFileI, "-incert");
-			boolean privateKeyFileflag = validCertFileContent(privateKeyFileI, "-inkey");
+			boolean publicKeyFileflag = validCertFileContent(publicKeyFileI,null, "-incert");
+			boolean privateKeyFileflag = validCertFileContent(privateKeyFileI,null, "-inkey");
 			if (!publicKeyFileflag && !privateKeyFileflag) {
 				addMessage(redirectAttributes, "error", "save_failed");
 				logger.error(publicKeyFileI.getOriginalFilename() + " and " + privateKeyFileI.getOriginalFilename()
@@ -118,6 +118,16 @@ public class PxyObjKeyringController extends BaseController {
 				logger.error(privateKeyFileI.getOriginalFilename() + " file non private key file format ");
 				throw new MultiPartNewException(msgProp.getProperty("private_file_error"));
 			}
+			
+			//证书对校验
+			if(publicKeyFileflag && privateKeyFileflag){
+				boolean keyRingFileflag = validCertFileContent(publicKeyFileI,privateKeyFileI, "-incheck");
+				if (!keyRingFileflag) {
+					addMessage(redirectAttributes, "error", "save_failed");
+					logger.error(" 公私钥不匹配 ");
+					throw new MultiPartNewException(msgProp.getProperty("public_private_file_error"));
+				}
+			}
 		} catch (Exception e) {
 			validFlag = false;
 			logger.error("证书文件校验失败", e);
@@ -281,7 +291,7 @@ public class PxyObjKeyringController extends BaseController {
 	 * @return
 	 * @throws Exception
 	 */
-	public boolean validCertFileContent(MultipartFile file, String validateType) throws Exception {
+	public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception {
 		String os = System.getProperty("os.name").toLowerCase();
 		if (!os.contains("windows") && file != null) {
 			// 证书文件临时保存路径
@@ -289,8 +299,16 @@ public class PxyObjKeyringController extends BaseController {
 			FileUtils.createDirectory(certFilePath);
 			String filePath = certFilePath + File.separator + UUID.randomUUID()
 					+ FileUtils.getSuffix(file.getOriginalFilename(), true);
+			String privateFilePath="";
 			File uploadFile = new File(filePath);
 			FileCopyUtils.copy(file.getBytes(), uploadFile);
+			
+			if(!StringUtil.isEmpty(privateFile)){
+				privateFilePath=certFilePath + File.separator + UUID.randomUUID()
+				+ FileUtils.getSuffix(privateFile.getOriginalFilename(), true);
+				File privateUploadFile = new File(privateFilePath);
+				FileCopyUtils.copy(privateFile.getBytes(), privateUploadFile);
+			}
 			// 加载x509脚本
 			String x509Shell = Thread.currentThread().getContextClassLoader()
 					.getResource(File.separator + "shell" + File.separator + Constants.CERT_VALIDATE_FILE).getPath();
@@ -299,8 +317,8 @@ public class PxyObjKeyringController extends BaseController {
 			logger.info("x509 chmod +x :" + resultMap1.get("out").toString());
 			logger.info("x509脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + x509Shell);
 			// 验证文件
-			logger.info(x509Shell + " " + validateType + " " + filePath);
-			Map<String, Object> resultMap = this.execShell(x509Shell, validateType, filePath);
+			logger.info(x509Shell + " " + validateType + " " + filePath+ " " + privateFilePath);
+			Map<String, Object> resultMap = this.execShell(x509Shell, validateType, filePath, privateFilePath);

 			if (resultMap == null || StringUtil.isEmpty(resultMap.get("out"))) {
 				// 临时文件删除
@@ -600,7 +618,7 @@ public class PxyObjKeyringController extends BaseController {
 		File file = null;
 		boolean validFlag = true;
 		try {
-			boolean certFileflag = validCertFileContent(certFileI, "-incert");
+			boolean certFileflag = validCertFileContent(certFileI,null, "-incert");
 			if (!certFileflag) {
 				addMessage(redirectAttributes, "error", "save_failed");
 				logger.error(certFileI.getOriginalFilename() + " file non Certificate file format ");
@@ -707,7 +725,7 @@ public class PxyObjKeyringController extends BaseController {
 		boolean validFlag = true;
 		try {
 			if (crlFileI != null) {
-				boolean certFileflag = validCertFileContent(crlFileI, "-incrl");
+				boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl");
 				if (!certFileflag) {
 					addMessage(redirectAttributes, "error", "save_failed");
 					logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
--- a/src/main/resources/messages/message_en.properties
+++ b/src/main/resources/messages/message_en.properties
@@ -1515,6 +1515,7 @@ src_ip_pattern=Client IP Pattern
 dest_ip_pattern=Server IP Pattern
 src_port_pattern=Client Port Pattern
 dest_port_pattern=Server Port Pattern
+<<<<<<< develop_20190508_branch
 url_group_configuration=URL Group Configuration
 dns_keyword_group_configuration=DNS Keyword Group Configuration
 app_ip_correlation=APP IP Correlation
@@ -1525,3 +1526,5 @@ dns_keyword_group_manage=DNS Keyword Group Manage
 old_asn_group_manage=ASN Group
 url_group_manage=URL Group Manage
 range_cross=Found intersections between Server IP address and Client IP address
+app_ip_correlation=APP IP Correlation
+public_private_file_error=Public-private key mismatch
--- a/src/main/resources/messages/message_ru.properties
+++ b/src/main/resources/messages/message_ru.properties
@@ -1512,4 +1512,12 @@ effective=Effective
 admin_user_warn=Admin User Warn
 interface_total=Interface Total
 service_total=Service Total
-none_file_tip=Please Choose File!
+none_file_tip=Please Choose File!
+the_same_ip_type=IP-\u0430\u0434\u0440\u0435\u0441 \u043A\u043B\u0438\u0435\u043D\u0442\u0430 \u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0434\u043E\u043B\u0436\u043D\u044B \u0438\u043C\u0435\u0442\u044C \u043E\u0434\u0438\u043D \u0438 \u0442\u043E\u0442 \u0436\u0435 \u0442\u0438\u043F.
+src_ip_pattern=Client IP Pattern
+dest_ip_pattern=Server IP Pattern
+src_port_pattern=Client Port Pattern
+dest_port_pattern=Server Port Pattern
+range_cross=Found intersections between Server IP address and Client IP address
+app_ip_correlation=APP IP Correlation
+public_private_file_error=Public-private key mismatch
--- a/src/main/resources/messages/message_zh_CN.properties
+++ b/src/main/resources/messages/message_zh_CN.properties
@@ -1514,4 +1514,6 @@ src_ip_pattern=\u6E90IP\u683C\u5F0F
 dest_ip_pattern=\u76EE\u7684IP\u683C\u5F0F
 src_port_pattern=\u6E90\u7AEF\u53E3\u683C\u5F0F
 dest_port_pattern=\u76EE\u7684\u7AEF\u53E3\u683C\u5F0F
-range_cross=\u6E90IP\u4E0E\u76EE\u7684IP\u8303\u56F4\u6709\u4EA4\u53C9
+range_cross=\u6E90IP\u4E0E\u76EE\u7684IP\u8303\u56F4\u6709\u4EA4\u53C9
+app_ip_correlation=APP\u5173\u8054\u7279\u5F81IP\u914D\u7F6E
+public_private_file_error=\u516C\u79C1\u94A5\u8BC1\u4E66\u4E0D\u5339\u914D
--- a/src/main/resources/shell/x509
+++ b/src/main/resources/shell/x509